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What is claimed is: 

11. A machine-implemented method for managing access to data, the method comprising the 

2 steps of: 

3 detecting that a database command requires access to a particular combination of 

4 information that is located in at least two tables; and 

5 in response to the step of detecting, if the particular combination is a combination to 

6 which access is limited, rewriting said database command by creating a modified 

7 database command, based on the database command. 

1 2. The method of claim 1, wherein the step of detecting causes an invocation of a policy that 

2 causes a generation of a condition expression; and 

3 wherein rewriting causes the modified database command to include the condition 

4 expression. 

1 3. The method of claim 2, wherein the generation of the condition expression is performed by 

2 referencing a policy function that returns the condition expression. 

1 4. The method of claim 2, wherein the policy is not triggered by detecting that a database 

2 command requires access to a subset of tables of the at least two tables, wherein the subset of tables 1 

3 includes at least one table. 

1 5. The method of claim 2, wherein the detecting detects metadata includes one or more 

2 parameters that indicate which tables and which columns of the tables form the particular 

3 combination of information. 
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1 6. The method of claim 1 , wherein the particular combination of information is a particular 

2 combination of columns. 

1 7. The method of claim 6, wherein the detecting includes detecting that metadata defines the 

2 particular combination of columns as a combination of columns to which access is controlled. 

1 8. The method of claim 1 , further comprising the step of registering a policy function with a 

2 policy, wherein the policy function returns a condition expression, and the modified database 

3 command is based on the condition expression and the database command. 

1 9. The method of claim 8, wherein the policy includes metadata identifying columns that are 

2 included in the particular combination of information. 

3 10. A machine-readable medium carrying one or more sequences of instructions, which when 

4 executed by one or more processors, causes the one or more processors to perform a method 

5 comprising the steps of: 

6 detecting that a database command requires access to a particular combination of 

7 information that is located in at least two tables; and 

8 in response to the step of detecting, if the particular combination is a combination to which 

9 access is limited, rewriting said database command by creating a modified database 
10 command, based on the database command. 
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1 11. The machine readable medium of claim 10, wherein the step of detecting causes an 

2 invocation of a policy that causes a generation of a condition expression; and 

3 wherein rewriting causes the modified database command to include the condition 

4 expression. 

1 12. The machine readable medium of claim 11, wherein the generation of the condition 

2 expression is performed by referencing a policy function that returns the condition expression. 

1 13. The machine readable medium of claim 1 1 , wherein the policy is not triggered by detecting 

2 that a database command requires access to a subset of tables of the at least two tables, wherein the 

3 subset of tables includes at least one table. 

1 14. The machine readable medium of claim 1 1 , wherein the detecting detects metadata includes 

2 one or more parameters that indicate which tables and which columns of the tables form the 

3 particular combination of information. 

1 15. The machine readable medium of claim 1 0, wherein the particular combination of 

2 information is a particular combination of columns. 

1 16. The machine readable medium of claim 15, wherein the detecting includes detecting that 

2 metadata defines the particular combination of columns as a combination of columns to which 

3 access is controlled. 
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1 1 7. The machine readable medium of claim 10, wherein the method further comprises the step 

2 of registering a policy function with a policy, wherein the policy function returns a condition 

3 expression, and the modified database command is based on the condition expression and the 

4 database command. 

1 18. The machine readable medium of claim 1 7, wherein the policy includes metadata 

2 identifying columns that are included in the particular combination of information. 
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